Vulnerability Details : CVE-2013-1050
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
Exploit prediction scoring system (EPSS) score for CVE-2013-1050
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-1050
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-1050
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1050
-
https://bugzilla.gnome.org/show_bug.cgi?id=683060
Bug 683060 – Impossible to unlock screen if not using GDM
-
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126
Bug #1120126 “Screen locking broken because of AutostartConditio...” : Bugs : gnome-screensaver package : UbuntuVendor Advisory
-
https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4
move gnome-screensaver desktop file out of autostart (1940dc6b) · Commits · Archive / gnome-screensaver · GitLab
-
http://www.ubuntu.com/usn/USN-1716-1
USN-1716-1: gnome-screensaver vulnerability | Ubuntu security notices
Products affected by CVE-2013-1050
- cpe:2.3:a:gnome:gnome_screensaver:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_screensaver:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_screensaver:3.6.0:*:*:*:*:*:*:*